Top IT Security Bloggers

  • Mr. Robot eps2.4m4ster-s1ave.aes – the security review

    Sophos - Naked Security
    How well did Mr. Robot do with its security concepts this week?
  • Couple sue over IP glitch that repeatedly sent Feds to their house

    Sophos - Naked Security
    Because their rural farmhouse was tagged as being at the center of the country, they've been accused of every imaginable internet atrocity.
  • Road Warriors: Beware of ‘Video Jacking’

    Krebs on Security
    A little-known feature of many modern smartphones is their ability to duplicate video on the device's screen so that it also shows up on a much larger display -- like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping.
    Dubbed "video jacking" by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine hijacks the phone's video display and records a video of everything you tap, type or view on it as long as it's plugged in -- including PINs, passwords, account numbers, emails, texts, pictures and videos.
  • Feds move to stop social media mockery of nursing home residents

    Sophos - Naked Security
    Workers sharing degrading/intimate/nonconsensual photos and videos may mean facilities get fined, written up or cut from Medicare.
  • CISOs adopt a portfolio management approach for cybersecurity

    Network World - Networking Nuggets and Security Snippets
    Enterprise CISOs are in an unenviable position. Given today’s dangerous threat landscape and rapidly evolving IT initiatives, CISOs have a long list of tasks necessary for protecting sensitive data and IT assets. At the same time, however, most organizations are operating with a shortage of skilled cybersecurity professionals. According to ESG research, 46 percent of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016.
    In the past, CISOs (and let’s face it, all cybersecurity professionals) were control freaks often suspicious of vendors and service providers. Faced with today’s overwhelming responsibilities, however, many CISOs I’ve spoken with lately say they’ve changed their tune and have adopted more of a portfolio management approach to their jobs.
  • Just What the Doctor Ordered: Trend Micro Takes the Hassle Out of Security for New CyberAid Program

    Trend Micro - Cloud Security Blog
    When it comes to healthcare security, media attention is usually focused on the mega breaches – think Anthem, Premera and, most recently, Banner Health. But there is a long tail of smaller organizations who also need help. That’s where the Health Information Trust Alliance (HITRUST) has expanded its focus. Its latest initiative, CyberAid, is designed...
  • Found an iOS zero-day? This firm will pay you $300,000 more than Apple

    Graham Cluley
    Exodus Intelligence is offering half a million dollars ($300,000 more than the maximum offered by Apple) to anyone who can sell them an iOS zero-day exploit.
    Read more in my article on the Tripwire blog.
  • Facebook starts bypassing adblockers

    Sophos - Naked Security
    Facebook wants you to choose which ads you see, provided the answer isn't "none".
  • Almost all cars sold by VW Group since 1995 at risk from unlock hack

    Graham Cluley
    Wired writes:
    Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Skoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.
    The researchers are led by University of Birmingham computer scientist Flavio Garcia, who was previously blocked by a British court, at the behest of Volkswagen, from giving a talk about weaknesses in car immobilisers.
    At the time Volkswagen argued that the research could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car." The researchers finally got to present their paper a year ago, detailing how the Megamos Crypto system – an RFID transponder that uses a Thales-developed algorithm to verify the identity of the ignition key used to start motors – could be subverted.
    The team's latest research doesn't detail a flaw that in itself could be exploited by car thieves to steal a vehicle, but does describe how criminals located within 300 feet of the targeted car might use cheap hardware to intercept radio signals that allow them to clone an owner's key fob.

    The researchers found that with some "tedious reverse engineering" of one component inside a Volkswagen’s internal network, they were able to extract a single cryptographic key value shared among millions of Volkswagen vehicles. By then using their radio hardware to intercept another value that’s unique to the target vehicle and included in the signal sent every time a driver presses the key fob’s buttons, they can combine the two supposedly secret numbers to clone the key fob and gain access to the car. "You only need to eavesdrop once," says Birmingham researcher David Oswald. "From that point on you can make a clone of the original remote control that locks and unlocks a vehicle as many times as you want."
    Sounds to me like it's time to turn to the car manufacturers to ask what on earth they are going to do to fix the millions of potentially vulnerable vehicles they have sold in the last couple of decades.
    Read more, including the researchers' paper, on Wired.
  • R980 Ransomware Found Abusing Disposable Email Address Service

    Trend Micro - Security Intelligence
    Perhaps emboldened by the success of their peers, attackers have been releasing more ransomware families and variants with alarming frequency. The latest one added to the list is R980 (detected by Trend Micro as RANSOM_CRYPBEE.A).
    R980 has been found to arrive via spam emails, or through compromised websites. Like Locky, Cerber and MIRCOP, spam emails carrying this ransomware contain documents embedded with a malicious macro (detected as W2KM_CRYPBEE.A) that is programmed to download R980 through a particular URL. From the time R980 was detected, there have been active connections to that URL since July 26th of this year.
